What Are Your Responsibilities as a Microsoft Customer?

Hi there.

My name is Matt Mulcahy.

I am the Director of Business Development at ProSource.

And today I wanted to touch on Microsoft

365 and some of the misconceptions

around the responsibilities when using the service.

As a Microsoft Partner,

pretty much all of our customers are using the Microsoft 365 ecosystem.

We do believe it is the best and unrivaled

platform to run your business on from a technology standpoint.

But there are some pitfalls that you have to be aware of as a business owner

when using that platform.

And what I have up on my screen

here is the shared responsibility model from Microsoft.

So what we see is a big misconception

is that, hey, my data is in the cloud.

My data is hosted by Microsoft.

So they’re handling all of it.

It’s safe, it’s secure.

It’s backed up. And that’s not true.

When you look

at this division of responsibility, you’ll notice the first three rows here

— 1) Information and data, 2) Devices, and 3) Accounts and identities

— are always the responsibility of the customer.

What that means is that you’re on the hook for all of that.

That is not made readily aware.

As you can see, I’m on, you know, a deep TechNet article

within the Microsoft Knowledge Base is where they house this type of stuff.

And it’s not necessarily top of mind

and they don’t make it well known when using the service.

So making sure these three items

are addressed by your IT team is extremely important.

So the first one is information and data.

What does that mean?

Basically, any of the data in SharePoint, OneDrive —

or wherever any of

that information might be stored within the 365 ecosystem

and its associated apps — is your responsibility to maintain.

So while Microsoft has traditionally had very good

retention and availability,

having an extra layer of security there on the backup side:

backing it up to a private data center, backing it up to your own data center,

backing it up to a storage device in your office.

There’s a lot of ways to maintain that

data, but it’s your responsibility at the end of the day.

That is the number one misconception we see is people assume that Microsoft

is doing this for them. They’re not.

The second one is devices.

It’s pretty obvious hardware, even if you, you know, buy something

direct like a Surface from Microsoft, that’s your responsibility to maintain.

So making sure you have a good asset inventory,

making sure you have good asset management is always going to be on you.

And that’s an easy one. That’s kind of a no-brainer.

And then accounts and identities.

So this is really managing your accounts.

Most of our customers are using Azure AD.

If you have a login to Microsoft, you’re using Azure AD,

whether you know it or not.

So making sure you have a good understanding of those accounts

and making sure you have an export just to have historical data.

And if something catastrophic were to happen,

you have something to reference

to rebuild those accounts and identities is very important.

As you go down further in this matrix, you can see the responsibility begins

to either be split or completely owned by Microsoft,

and that’s what we’re talking about, the infrastructure primarily.

So you’re using Azure, obviously, they’re providing you

all of the networking, they’re providing you the physical hosts,

and that’s where you’re really getting the value from Microsoft.

But what they’re not doing for you is maintaining your information and data.

They’re not owners of your devices, and they’re definitely not owning

your accounts and identities.

Those are the three core things you have to be thinking about and have

continuity plans around when working with Microsoft.

If you have any other questions about how we ensure data, devices,

and accounts identities are maintained beyond Microsoft, feel free to reach out.

Our contact information’s at the bottom of this video.

And once again, thanks so much for watching. Have a great day.